A law firm believes an increasing number of businesses are paying cyber criminals after being targeted in ransomware attacks.
The attacks involved installing malicious software, or malware, on a computer or device. The malware usually encrypted files, making them unusable, and a ransom payment was demanded to restore access.
A 2024 survey of 150 New Zealand organisations by international IT company Cloudflare found that 44 percent of those targeted in the past two years paid up, despite 89 percent of them publicly pledging not to.
Law firm Simpson Grierson's cybersecurity and data disputes head Jania Baigent said the survey reflected organisations' shift in attitude to paying ransoms over the last few years.
"At Simpson Grierson there has been a complete change in the way people talk about it. Three or four years ago many business owners wouldn't admit to even considering paying a ransom. This would be in accordance with government advice 'don't pay, we don't like paying criminal organisations and it makes New Zealand a more attractive target to criminal organisations if you pay'," she said.
"[The shift] relates to a 2024 report produced by the Australian Institute of Directors which published guidance to boards on how to make decisions about whether to pay a ransom. To my mind this really legitimised the concept of paying a ransom and now ransoms are being paid more by smaller, medium businesses in particular even though it still remains a little bit of a dirty word on the street."
Baigent said her firm was increasingly getting requests from businesses for advice on how to deal with ransomware attacks.
"Our clients are engaging in discussions about whether it might be in their organisation's best interests in circumstances to make these payments. It depends totally on the situation the organisation is in and the assessment of risk factors involved," she said.
"Something to think about is who is making the threat, and experts are usually called in to assist at this stage to check the legitimacy of the threat actor and try as much as they can to make an assessment as to whether if you make a payment it will be effective."
Baigent said ransomware attacks could be hugely damaging and there was a risk the information would be sold on the dark web.
Companies of all sizes were vulnerable, she said.
"The large enterprises have resources but they're also more likely to have greater amounts of data and their customers and employees will face possibly greater harm if in fact their data is dumped by these threat actors," she said.
"All levels of organisations have real, real risks that they have to contend with when facing ransomware attacks."